Unprecedented Leak: 16 Billion Passwords
by Justin Erickson
Reports surfaced of a “record-breaking” leak containing 16 billion login credentials for services such as Apple, Google, and Facebook. Although not confirmed, it is likely these services and many others have been breached. The database aggregates 30 exposed datasets, many from infostealer malware logs, rather than coming from a single malicious actor or group. Bleeping Computer looked at this collection and confirmed it consists largely of credentials that have circulated for months or years, exposed in data breaches through credential stuffing attacks. This is so dangerous because it shows that threat actors can use the collection as a “blueprint for mass exploitation”: if the login credentials have not been changed, large-scale phishing attacks and account takeovers are possible. To protect yourself, it is HIGHLY suggested that you use a password manager, use strong and secure passwords on every site, change your passwords periodically, use multi-factor authentication, and monitor your accounts for suspicious activity.
